Using authentication tokens to authorize a firewall to open a pinhole
    41.
    Granted patent
    Status: In force

    Publication No.: US08363836B2

    Publication date: 2013-01-29

    Application No.: US12355153

    Filing date: 2009-01-16

    IPC classification: H04K1/00

    Abstract: Techniques are described for the use of a cryptographic token to authorize a firewall to open a pinhole which permits certain network traffic to traverse firewalls. An initiating endpoint requests a token from a call controller, which authorizes a pinhole through the firewall. In response, the call controller may generate a cryptographic authorization token (CAT) sent towards the destination endpoint. The call controller may generate the token based on an authorization ID associated with the call controller, a shared secret known to both the call controller and the firewall, and data specific to the media flow for which authorization is requested.

Verifying Cryptographic Identity During Media Session Initialization
    42.
    Patent application
    Status: In force

    Publication No.: US20120246467A1

    Publication date: 2012-09-27

    Application No.: US13493302

    Filing date: 2012-06-11

    IPC classification: H04L9/32

    CPC classification: H04L63/126 H04L63/0823

    Abstract: An authentication agent may cryptographically identify a remote endpoint that sent a media initialization message even though intermediate devices may modify certain fields in the message after a signature is inserted. The originating endpoint's agent may create the signature over some fields of the message using an enterprise network's private key. The agent may insert the signature into the message and send the message to a recipient endpoint's authentication agent. The recipient agent may verify the signature, receive a certificate including a second public key, and challenge the identity of the originating endpoint in order to confirm that identity. This challenge may request a confirmation that the originating endpoint knows the private key corresponding to the second public key and may occur while running encrypted media at the endpoints. After the originating endpoint is authenticated, the endpoints may exchange encrypted and/or unencrypted media.

TRIGGERING BANDWIDTH RESERVATION AND PRIORITY REMARKING
    44.
    Patent application
    Status: In force

    Publication No.: US20110032940A1

    Publication date: 2011-02-10

    Application No.: US12893975

    Filing date: 2010-09-29

    IPC classification: H04L12/56

    Abstract: In one embodiment, a reservation proxy monitors for received connectivity check messages or beginning-of-media-flow indication messages. When either type of message is observed, the reservation proxy requests resource allocation for a media flow associated with the received message. The amount of resource allocation requested may be coordinated by exchanging messages with a call controller or policy server for one of the endpoints of the media flow, or the amount of resource allocation may be identified within the received message.

Protected Device Initiated Pinhole Creation to Allow Access to the Protected Device in Response to a Domain Name System (DNS) Query
    45.
    Patent application
    Status: In force

    Publication No.: US20100191863A1

    Publication date: 2010-07-29

    Application No.: US12358328

    Filing date: 2009-01-23

    Applicant: Daniel G. Wing

    Inventor: Daniel G. Wing

    IPC classification: G06F15/16

    Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with a protected device initiating a pinhole through a network address translator and/or firewall to allow access to the protected device in response to a Domain Name System (DNS) query. In response to a DNS query received from a DNS server, an apparatus requests that a traffic pinhole be created in a firewall or network address translator, allowing traffic initiated from a device on the other side of the firewall or network address translator to reach the apparatus.

Route convergence monitoring system and method
    46.
    Granted patent
    Status: In force

    Publication No.: US07627290B2

    Publication date: 2009-12-01

    Application No.: US11176631

    Filing date: 2005-07-07

    IPC classification: H04B17/00

    Abstract: A route convergence monitoring system and method provide for determining routing changes or affected devices that may cause detrimental or other quality conditions to occur in an endpoint device. In one embodiment, ongoing endpoint quality monitoring of quality conditions and convergence occurrence monitoring of successive route changes that may occur are initiated. An endpoint quality monitor provides for determining an endpoint quality condition and transferring an indicator of the condition (e.g., endpoint device and timing) to a network manager. The network manager may add one or more information indicators and provides the indicators to an end-to-end convergence monitor. The convergence monitor receives the indicators and determines one or more of a second endpoint device, routing changes in at least a portion of the network, and a correlation of routing changes that may have caused the indicated or other quality conditions to occur.

DISTRIBUTING POLICIES TO PROTECT AGAINST VOICE SPAM AND DENIAL-OF-SERVICE
    47.
    Patent application
    Status: In force

    Publication No.: US20090094666A1

    Publication date: 2009-04-09

    Application No.: US11867656

    Filing date: 2007-10-04

    IPC classification: H04L9/00

    CPC classification: H04L63/20

    Abstract: In one embodiment, a network device generates a protection policy responsive to identifying undesired voice data traffic. The network device then distributes the generated protection policy along a call path used for transferring the undesired voice data traffic. The proxy may distribute the protection policy by inserting the protection policy in a call response or other message that traces the call path back to a calling endpoint.

Method and apparatus for analyzing a media path for an internet protocol (IP) media session
    48.
    Granted patent
    Status: In force

    Publication No.: US07496044B1

    Publication date: 2009-02-24

    Application No.: US10797689

    Filing date: 2004-03-09

    Applicant: Daniel G. Wing

    Inventor: Daniel G. Wing

    IPC classification: H04L12/26

    Abstract: Time To Live (TTL) values are modified in media packets to intentionally cause rejection of the media packets at intermediate nodes in a media path. Rejection notices caused by the TTL-modified media packets are then analyzed to isolate Quality of Service (QoS) problems in the media path.

Method for stateful firewall inspection of ICE messages
    49.
    Granted patent
    Status: In force

    Publication No.: US07472411B2

    Publication date: 2008-12-30

    Application No.: US11265596

    Filing date: 2005-11-01

    IPC classification: G06F21/00

    Abstract: An endpoint uses Interactive Connectivity Establishment (ICE) to enable multimedia communications to traverse Network Address Translators (NATs). A security policy enables security devices and asymmetric security devices to forward ICE messages. A management device stores information about an initial message. Later, a security device receives an ICE message and sends an authorization request to the management device. The management device compares information in the authorization request to information in memory. According to the comparison, the management device authorizes the security device to forward the ICE message.

Determining characteristics of a connection traversing a packet switching device

    Publication No.: US09634908B2

    Publication date: 2017-04-25

    Application No.: US14259565

    Filing date: 2014-04-23

    IPC classification: H04L12/28 H04L12/24 H04L29/12

    Abstract: In one embodiment, characteristics of a connection traversing a packet switching device are determined, which includes, but is not limited to, determining a network port number and/or address of an established connection based on a signature of the connection. In one embodiment, a packet switching device receives and forwards packets of a particular communication between a device and a remote node in a network. The packet switching device maintains information about the particular communication and identification data for use in subsequent identification of said particular communication. In response to receiving a communications information request specifying a signature related to said particular communication, the packet switching device prepares and sends a response, which typically includes matching the signature to said maintained identification data, resulting in identification of said information including a characterization of said particular communication, and sending a reply including the characterization of said particular communication.